Thursday, January 6, 2011

Since there was a request on the Kismet forum for a way to log to SQL, and since Rick has been bugging me for some time about doing a NIC shootout plugin to compare sniffing performance of various cards, I decided it was time to do some more Kismet client work to serve as examples.

Found in the ruby/ directory of the source, kismet.rb provides a dead simple way to interact with the Kismet server by subscribing to sentences and issuing commands, both with optional callbacks for command completion.

Logging data to SQL is as simple as opening a database with SQLite, converting the BSSID to a 64bit integer for fast comparison as the primary key, and inserting or updating rows depending on if the data was already present. The current example code logs only a few fields, patches welcome for more complete logging.

The NIC Shootout code requires a little more work - namely, taking interfaces provided by the user and finding the source UUID by subscribing to the *SOURCE sentence, ordering cards to lock channel via the HOPSOURCE command, and maintaining enough state to know that all the selected sources have updated (since Kismet sends a *SOURCE sentence per capture source) and printing out the output. Including 'pretty' output which updates a single screen instead of printing a line per output, the whole script weighs in at just around 300 lines.

Hopefully the additional examples of using the Ruby API will inspire people to develop more utility clients for Kismet.